Curl_input_negotiate: do not delegate GSSAPI credentials

This is a security flaw. See curl advisory 20110623 for details.

Reported by: Richard Silverman

whitespace cleanup: no space first in conditionals

"if(a)" is our style, not "if( a )"

source cleanup: unify look, style and indent levels

By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.

Fix a couple of spelling errors in lib/

Found with codespell.

negotiation: Wrong proxy authorization

There's an error in http_negotiation.c where a mistake is using only
userpwd even for proxy requests. Ludek provided a patch, but I decided
to

negotiation: Wrong proxy authorization

There's an error in http_negotiation.c where a mistake is using only
userpwd even for proxy requests. Ludek provided a patch, but I decided
to write the fix slightly different using his patch as inspiration.

Reported by: Ludek Finstrle
Bug: http://curl.haxx.se/bug/view.cgi?id=3046066

show more ...

fix spnego memory leak

OOM fixes in http_negociate.c and lib/splay.c

Fix 2 OOM errors: a missing NULL-check in lib/http_negociate.c
and a potential NULL dereferencing in lib/splay.c

remove the CVSish $Id$ lines

libcurl's memory.h renamed to curl_memory.h

fix compiler warning: implicit conversion shortens 64-bit value into a 32-bit value

moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.

Made some variables const which eliminated some casts

libcurl internal base64.h header file renamed to curl_base64.h

Fix Use of conditional definition of USE_OPENSSL

David Rosenstrauch reported that header files spnegohelp.h and
openssl/objects.h were needed to compile SPNEGO support.

- Andre Guibert de Bruet fixed a second case of not checking the malloc()
return code in the Negotiate code.

- Andre Guibert de Bruet found and fixed a case where malloc() was called but
was not checked for a NULL return, in the Negotiate code.

- Fix the MIT / Heimdal check for good:
Define HAVE_GSSMIT if <gssapi/{gssapi.h,gssapi_generic.h,gssapi_krb5.h}> are
available, otherwise define HAVE_GSSHEIMDAL if <gssapi.h> is available

- Fix the MIT / Heimdal check for good:
Define HAVE_GSSMIT if <gssapi/{gssapi.h,gssapi_generic.h,gssapi_krb5.h}> are
available, otherwise define HAVE_GSSHEIMDAL if <gssapi.h> is available.

Only define GSS_C_NT_HOSTBASED_SERVICE to gss_nt_service_name if
GSS_C_NT_HOSTBASED_SERVICE isn't declared by the gssapi headers. This should
avoid breakage in case we wrongly recognize Heimdal as MIT again.

show more ...

- Anatoli Tubman found and fixed a crash with Negotiate authentication used on
a re-used connection where both requests used Negotiate.

While inspecting the Negotiate code, I noticed how the proxy auth was using
the same state struct as the host auth, so both could never be used at the
same time! I fixed it (without being abl

While inspecting the Negotiate code, I noticed how the proxy auth was using
the same state struct as the host auth, so both could never be used at the
same time! I fixed it (without being able to check) to use two separate
structs to allow authentication using Negotiate on host and proxy
simultanouesly.

show more ...

white space changes only to clean up indent and source width

removed space after if and while before the parenthesis for better source code
consistency

Mark Davies fixed Negotiate authentication over proxy, and also introduced
the --proxy-negotiate command line option to allow a user to explicitly
select it.

Fixed some minor type mismatches and missing consts mainly found by splint.

Fixes some more out of memory handling bugs.